WASI has no direct access to the host. Plugins need capabilities in order to fulfill the below requirements
Description
a plugin needs a way to be able to:
mount dirs
mounts files
access the host env
access std
access args passed to the parent process
This can be achieved by adding capabilities in the module starlark declaration.
e.g.:
module(
name = "hetzner",
version = "v0.1.0",
# capabilities represents a set of capabilities that the plugin gains all
# capabilities in starlark map to the capabilities of WASI and are describer here
# https://docs.rs/wasmtime-wasi/latest/wasmtime_wasi/struct.WasiCtxBuilder.html#
capabilities = capabilities(
inherits = [
# inherit process args from the host
INHERIT_ARGS,
# inherit process stdio from the host
INHERIT_STDIO,
# inherit process stdout from the host
INHERIT_STDOUT,
# inherit process environment from the host
INHERIT_ENV,
],
# mounts is a list of mounts that the plugin can use
# this gives the WASI module access to the host filesystem
mounts = [
# mount docker socket as file inside wasi
# add file permissions to read and write
mount(
host_path = "/var/run/docker.sock",
guest_path = "/var/run/docker.sock",
read = true,
write = true,
permissions_type = FILE_TYPE_PERMISSIONS,
),
# mount directory inside wasi
# add directory permissions to read and mutate
mount(
host_path = "/var/lib/hetzner",
guest_path = "/mnt/hetzner",
read = true,
mutate = true,
permissions_type = DIR_TYPE_PERMISSIONS,
),
],
),
)
Acceptance Criteria
The above is read from the starlark config and passed to the WASI plugin when is loaded.
TBD?
linear[bot]
commented
1 month ago
Context
WASI has no direct access to the host. Plugins need capabilities in order to fulfill the below requirements
Description
a plugin needs a way to be able to:
This can be achieved by adding capabilities in the module starlark declaration. e.g.:
Acceptance Criteria
The above is read from the starlark config and passed to the WASI plugin when is loaded. TBD?
/triage /assign /label enhancement